Device-Independent Quantum Key Distribution with Local Bell Test

Device-independent quantum key distribution (DIQKD) in its current design requires a violation of Bell's inequality between two honest parties, Alice and Bob, who are connected by a quantum channel. However, in reality, quantum channels are lossy, and this can be exploited for attacks based on the detection loophole. Here, we propose a novel approach to DIQKD that overcomes this limitation. In particular, based on a combination between an entropic uncertainty relation and the Clauser-Horne-Shimony-Holt (CHSH) test, we design a DIQKD protocol where the CHSH test is carried out entirely in Alice's laboratory. Thus the loophole caused by channel losses is avoided.


I. INTRODUCTION
The security of quantum key distribution (QKD) [1,2] relies on the fact that two honest parties, Alice and Bob, can devise tests, utilizing laws of quantum physics, to detect any attack by an eavesdropper, Eve, that would compromise the secrecy of the key strings they generate [3]. While the theoretical principles allowing this are nowadays well understood, it turns out that realizing QKD with practical devices is rather challenging. That is, the devices must conform to very specific models, otherwise the implementation may contain loopholes allowing side-channel attacks [4].
In general, there are two broad approaches towards overcoming such implementation flaws. The first is to include all possible imperfections into the model used in the security analysis. This approach, however, is quite cumbersome and it is unclear whether any specific model includes all practically relevant imperfections. In the second approach, which is known as device-independent QKD (DIQKD) [5][6][7][8][9], the security is based solely on the observation of non-local statistical correlations, thus it is no longer necessary to provide any model for the devices (though a few assumptions are still required). In this respect, DIQKD appears to be the ultimate solution to guarantee security against inadvertently flawed devices and side-channel attacks.
DIQKD in its current design requires the two distant parties Alice and Bob to perform a Bell test [10] (typically the Clauser-Horne-Shimony-Holt (CHSH) test [11]), which is applied to pairs of entangled quantum systems shared between them. In practice, these quantum systems are typically realized by photons, which are distributed via an optical fiber. Hence, due to losses during the transmission, the individual measurements carried out on Alice's and Bob's sites only succeed with bounded (and often small) probability. In standard Bell experiments, one normally accounts for these losses by introducing the fair-sampling assumption, which asserts that the set of runs of the experiment in which both Alice's and Bob's measurements succeeded is representative for the set of all runs.
In the context of DIQKD, however, the fair-sampling assumption is not justified since Eve may have control over the set of detected events. More concretely, she may use her control to emulate quantum correlations based on a local deterministic model, i.e., she instructs the detector to click only if the measurement setting (chosen by the party, e.g., Alice) is compatible with the prearranged values. This problem is commonly known as the detection-loophole [12]. In fact, for state-of-the-art DIQKD protocols, it has been shown in Ref. [13] that the detection-loophole is already unavoidable when using optical fibers of about 5 km length.
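The effect of the fair-sampling assumption described above can be seen in a toy simulation, added here as an illustration and not taken from the paper. It compares an ideal entangled device with a device that follows prearranged values and clicks only on compatible settings, and evaluates the CHSH value once on detected runs only and once on all runs. The estimator S = 8 * (win fraction) - 4 is the standard CHSH-game form and is assumed here, as are all function names, the sample size and the rule that a missing click is recorded as output 0.

```python
import math
import random

def chsh_value(runs):
    """CHSH estimate from (u, v, s, t) records (settings u, v; outputs s, t).
    Assumed standard form: S = 8 * win_fraction - 4, a run wins when s XOR t == u AND v."""
    if not runs:
        raise ValueError("no runs to evaluate")
    wins = sum(1 for u, v, s, t in runs if (s ^ t) == (u & v))
    return 8.0 * wins / len(runs) - 4.0

def honest_quantum_run(rng):
    """Ideal device: every setting pair wins with probability cos^2(pi/8); always clicks."""
    u, v = rng.getrandbits(1), rng.getrandbits(1)
    s = rng.getrandbits(1)
    flip = 0 if rng.random() < math.cos(math.pi / 8) ** 2 else 1
    t = s ^ (u & v) ^ flip
    return (u, v, s, t, True, True)

def prearranged_run(rng):
    """Local deterministic device: outputs are fixed in advance for one setting pair
    (u_star, v_star); each detector clicks only if the chosen setting matches it."""
    u_star, v_star = rng.getrandbits(1), rng.getrandbits(1)
    s = rng.getrandbits(1)
    t = s ^ (u_star & v_star)
    # Settings come from the user's trusted randomness, independent of the device.
    u, v = rng.getrandbits(1), rng.getrandbits(1)
    click_a, click_b = (u == u_star), (v == v_star)
    # Assumption: a missing click is recorded as output 0 by the user.
    return (u, v, s if click_a else 0, t if click_b else 0, click_a, click_b)

def evaluate(device, n, seed):
    """Run the device n times and compare post-selected and all-runs CHSH values."""
    rng = random.Random(seed)
    records = [device(rng) for _ in range(n)]
    all_runs = [(u, v, s, t) for u, v, s, t, _, _ in records]
    detected = [(u, v, s, t) for u, v, s, t, ca, cb in records if ca and cb]
    return {
        "efficiency": len(detected) / n,
        "S_postselected": chsh_value(detected),  # fair-sampling style evaluation
        "S_all_runs": chsh_value(all_runs),      # every run counts, click or not
    }

if __name__ == "__main__":
    for name, device in (("honest", honest_quantum_run), ("prearranged", prearranged_run)):
        print(name, evaluate(device, 20000, seed=7))
```

On detected runs alone the prearranged device reports the algebraic maximum S = 4, while counting every run brings it back below the local bound of 2; the ideal device gives the same value either way because it always clicks.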
One possible solution to this problem is heralded qubit amplifiers [14], which have been proposed recently. The basic idea is to herald the arrival of an incoming quantum system without destroying the quantum information it carries. This allows Alice and Bob to choose their measurement settings only after receiving the confirmation, which is crucial for guaranteeing security. Unfortunately, realizing an efficient heralded qubit amplifier that is applicable for long distance DIQKD is extremely challenging, although there has been progress along this direction [15].
In this work, we take a different approach to circumvent the detection-loophole. We propose a protocol that combines a self-testing scheme for the Bennett and Brassard (BB84) states [1] with a protocol topology inspired by the "time-reversed" BB84 protocol [16][17][18][19]. Crucially, the protocol only requires Bell tests carried out locally in Alice's laboratory, so that the detection probabilities are not affected by the losses in the channel connecting Alice and Bob. We show that the protocol provides device-independent security under the assumption that certain devices are causally independent (see below for a more precise specification of the assumptions).
In contrast to existing protocols for DIQKD, whose security is inferred from the monogamy of non-local correlations, the security of our protocol is proved using a recent generalization of the entropic uncertainty relation that accounts for quantum side information [20]. This is the key ingredient that allows us to circumvent the need to bound the non-locality between particle pairs shared by Alice and Bob (non-locality over larger distances is hard to achieve, as explained above). Instead, the uncertainty relation solely depends on the local properties of the states sent by Alice, which in turn, can be inferred from the local Bell test.
Technically, our security proof uses a relation between the local CHSH test and a variant of the entropic uncertainty relation for smooth entropies [21]. The analysis applies to the (practically relevant) finite-size regime, where the secret key is generated after a finite number of channel uses. The resulting bounds on the achievable key size are comparable to the almost tight finite-size result [22] for the BB84 protocol. Furthermore, in the (commonly studied) asymptotic limit where the number of channel uses tends to infinity, and in the limiting case where the CHSH inequality is maximally violated, the performance of our protocol reaches the one of the BB84 protocol.

II. REQUIRED ASSUMPTIONS
As mentioned above, our goal is to impose only limited and realistic assumptions on the devices used by Alice and Bob. These are as follows: First, it is assumed that Alice and Bob's laboratories are perfectly isolated, i.e., no information leaves a party's laboratory unless this is foreseen by the protocol. Second, we assume that Alice and Bob can locally carry out classical computations using trusted devices and that they have trusted sources of randomness. Third, we assume that Alice and Bob share an authenticated classical channel. Finally, we require that the devices of Alice and Bob are causally independent, that is, there is no correlation in their behavior between different uses. This, for instance, is guaranteed if the devices have no internal memory or if their memory can be reliably erased after each use.
We remark that, in very recent work [23][24][25], it has been shown that this last assumption can be weakened further for standard DIQKD protocols. More precisely, it is shown that the assumption of causal independence can be dropped for the repeated uses of a device within one execution of the protocol. However, the assumption of causal independence still needs to be made when the same devices are reused in a subsequent execution of the protocol, as information about previously generated keys may leak otherwise [26].

III. PROTOCOL TOPOLOGY
In this section we describe the basic idea and the main structure of the QKD scheme we propose. The actual protocol will then be detailed in the next section.
Our proposal is motivated by the time-reversed BB84 protocol [16][17][18][19]. This protocol involves a third party, Charlie, whose task is to help Alice and Bob distribute their key strings. Importantly, however, no trust in this third party is required. While a deviation of Charlie from the protocol may cause abortion of the key distribution protocol, it will not compromise the secrecy of a successfully distributed key string. The time-reversed BB84 protocol consists of the following steps: first, Alice and Bob each generate a pair of qubits in the maximally entangled state $|\Phi^+\rangle = (|00\rangle + |11\rangle)/\sqrt{2}$ and send one of their qubits to Charlie. Subsequently, Charlie performs a Bell-state measurement (BSM) on the two received qubits and broadcasts the outcome to Alice and Bob [27]. The two remaining qubits held by Alice and Bob are now in a Bell state. Alice then applies appropriate bit and phase flips on her qubit to convert this joint state to $|\Phi^+\rangle$. Finally, Alice and Bob measure their qubits at random in one of the two BB84 bases. Note that Alice and Bob can alternatively measure the qubits they kept before Charlie performs the BSM, and Alice flips the outcome of her measurement if necessary once she has received the correction (i.e., the outcome of the BSM) from Charlie.
The security of the time-reversed BB84 protocol, as described above, depends on the correct preparation and measurement of the states by Alice and Bob. In order to turn this protocol into a device-independent one, we add a CHSH test on Alice's site. Security is then established by virtue of a relation between the violation of this CHSH test and the incompatibility of the two possible measurements carried out by Alice's device (which are supposed to be in the two BB84 bases). More precisely, we bound the overlap between the basis vectors of the two measurements that Alice may choose. This is all that is needed to apply the entropic uncertainty relation [21] mentioned in the introduction, which allows us to infer security without any further assumptions on Alice's and Bob's devices. We note that our modification of the time-reversed BB84 protocol is reminiscent of the idea of self-testing of devices introduced by Mayers and Yao [28] (see Ref. [29] for the CHSH version). Our test has however a different purpose: its goal is to certify the incompatibility of Alice's local measurements, while the test of Mayers and Yao certifies that Alice and Bob share a maximally entangled state.
In order to realize the CHSH test, we use a setup with three different devices on Alice's site: two measurement devices $M_{\text{key}}$, $M_{\text{test}}$ and a source device S (see Fig. 1). The source device generates a pair of entangled qubits and sends them to $M_{\text{key}}$ and $M_{\text{test}}$. The device $M_{\text{key}}$ has two settings {X, Z} [30] and produces a binary output after one of the settings is chosen by Alice. The device $M_{\text{test}}$ has three settings {U, V, P}. The first two produce a binary output (a measurement outcome), and the last one sends the qubit (from the device S) to the quantum channel which connects to Charlie. Alice has therefore two modes of operation, of which one (corresponding to the settings U, V) is used to carry out the CHSH test and one (corresponding to the setting P) is chosen to communicate to Charlie. We refer to these operation modes as $\Gamma_{\text{CHSH}}$ and $\Gamma_{\text{QKD}}$, respectively.
Bob has two devices: a measurement device $M_{\text{key}}$ and a source device S. The latter generates entangled qubits and sends one of them to the quantum channel and the other to $M_{\text{key}}$. The device $M_{\text{key}}$ has two settings {X, Z} and produces a binary output after one of the settings is chosen by Bob.

IV. PROTOCOL DESCRIPTION
The protocol is parameterized by the secret key length , the classical post-processing block size $m_x$, the error rate estimation sample size $m_z$, the local CHSH test sample size $m_j$, the tolerated CHSH value $S_{\text{tol}}$, the tolerated channel error rate $Q_{\text{tol}}$, the tolerated efficiency of Charlie's operation $\eta_{\text{tol}}$, the error correction leakage $\text{leak}_{\text{EC}}$ and the required correctness $\varepsilon_{\text{cor}}$.
In the following, the first three steps are repeated until the conditions in the sifting step are satisfied. and $\Gamma_{\text{QKD}}$ is selected with probability $1 - p_s$ [31].

1. State preparation and distribution: Alice selects an operation mode h
In the following, we describe $\Gamma_{\text{CHSH}}$ and $\Gamma_{\text{QKD}}$ formally for each of the runs, which we label with indices i.
$\Gamma_{\text{CHSH}}$: Alice measures both halves of the bipartite state. More specifically, she chooses two bit values $u_i$, $v_i$ uniformly at random, where $u_i$ sets the measurement on the first half to X or Z and $v_i$ sets the measurement on the second half to U or V. The outputs of each measurement are recorded in $s_i$ and $t_i$, respectively.
$\Gamma_{\text{QKD}}$: Alice selects a measurement setting $a_i \in \{X, Z\}$ with probabilities $p_x = 1/(1 + (m_z/m_x))$ and $1 - p_x$, respectively [31], measures one half of the bipartite state with it and stores the measurement output in $y_i$. The other half of the bipartite state is sent to Charlie.
Similarly, Bob selects a measurement setting $b_i \in \{X, Z\}$ with probabilities $p_x$ and $1 - p_x$, respectively, measures one half of the bipartite state with it and stores the measurement output in $y_i$. The other half of the bipartite state is sent to Charlie.

2. Charlie's operation:
Charlie makes an entangling measurement on the quantum states sent by Alice and Bob, and if it is successful, he broadcasts $f_i = \text{pass}$, otherwise he broadcasts $f_i = \text{fail}$. Furthermore, if $f_i = \text{pass}$, then Charlie communicates $g_i \in \{0, 1\}^2$ to Alice and Bob. Finally, Alice uses $g_i$ to make correcting bit flip operations.

3. Sifting:
Alice and Bob announce their choices $\{h_i\}_i$, $\{a_i\}_i$, $\{b_i\}_i$ over an authenticated classical channel and identify the following sets: key generation X := {i :
The protocol repeats steps (1)-(3) as long as $|X| < m_x$ or $|Z| < m_z$ or $|J| < m_j$, where $m_x, m_z, m_j \in \mathbb{N}$. We refer to these as the sifting condition.

4. Parameter estimation:
To compute the CHSH value from J, Alice uses the following formula, S test := 8
Next, both Alice and Bob publicly announce the corresponding bit strings $\{y_i\}_{i \in Z}$, $\{y_i\}_{i \in Z}$ and compute the error rate they abort the protocol.

5. One-way classical post-processing: Alice and Bob choose a random subset of size $m_x$ of X for post-processing. An error correction protocol that leaks at most $\text{leak}_{\text{EC}}$ bits of information is applied, then an error verification protocol (e.g., this can be implemented with two-universal hashing) that leaks $\log_2(1/\varepsilon_{\text{cor}})$ bits of information is applied. If the error verification fails, they abort the protocol. Finally, Alice and Bob apply privacy amplification [32] with two-universal hashing to their bit strings to extract a secret key of length [33].

V. SECURITY DEFINITION
Let us briefly recall the criteria for a generic QKD protocol to be secure. A QKD protocol either aborts or provides Alice and Bob with a pair of key strings, $S_A$ and $S_B$, respectively. If we denote by E the information that the eavesdropper (Eve) gathers during the protocol execution, then the joint state of $S_A$ and E can be described by a classical-quantum state, $\rho_{S_A E} = \sum_s |s\rangle\langle s| \otimes \rho^s_E$ where $\{\rho^s_E\}_s$ are quantum systems (conditioned on $S_A$ taking values s) held by Eve. The QKD protocol is called $\varepsilon_{\text{cor}}$-correct if $\Pr[S_A \neq S_B] \le \varepsilon_{\text{cor}}$, and where $p_{\text{abort}}$ is the probability that the protocol aborts and $U_{S_A}$ is the uniform mixture of all possible values of the key string $S_A$. Accordingly, we say that the QKD protocol is $(\varepsilon_{\text{cor}} + \varepsilon_{\text{sec}})$-secure if it is both $\varepsilon_{\text{cor}}$-correct and $\varepsilon_{\text{sec}}$-secret [22,33,34]. Note that this security definition guarantees that the QKD protocol is universally composable [33,34]. That is, the pair of key strings can be safely used in any application (e.g., for encrypting messages) that requires a perfectly secure key (see [33] for more details).

VI. SECURITY ANALYSIS
In the following, we present the main result and a sketch of its proof. For more details about the proof, we refer to the Appendix.
The correctness of the protocol is guaranteed by the error verification protocol which is parameterized by the required correctness $\varepsilon_{\text{cor}}$.
Main Result. The protocol with parameters where $h$ denotes the binary entropy function, $\hat{S}_{\text{tol}} := S_{\text{tol}} - \xi$ and $\hat{Q}_{\text{tol}} := Q_{\text{tol}} + \mu$, with the statistical deviations given by
Proof sketch. Conditioned on passing all the tests in the parameter estimation step, let $X_A$ be the random variable of length $m_x$ that Alice gets from X and let E denote Eve's information about $X_A$ at the end of the error correction and error verification protocols.
We use the following result from [33]. By using privacy amplification with two-universal hashing, a ∆-secret key of length can be generated from for any ε > 0. Here $H^{3\varepsilon}_{\min}(X_A|E)$ denotes the smooth min-entropy [33]. It therefore suffices to bound this entropy in terms of the tolerated values ($S_{\text{tol}}$, $Q_{\text{tol}}$ and $\eta_{\text{tol}}$).
First, using chain rules for smooth entropies [33], we get , where E denotes Eve's information after the parameter estimation step. Then, from the generalised entropic uncertainty relation [35], we further get where $c^*$ is the effective overlap of Alice's measurements (a function of the measurements corresponding to settings Z, X and the marginal state). Here, $Z_A$ can be seen as the bit string Alice would have obtained if she had chosen setting Z instead. Likewise, $Z_B$ represents the bit string obtained by Bob with setting Z. From Ref. [22], the smooth max-entropy of the alternative measurement is bounded by the error rate sampled on the set , where µ is the statistical deviation due to random sampling theory, i.e., with high probability, the error rate between $Z_A$ and $Z_B$ is smaller than $Q_{\text{tol}} + \mu$.
It remains to bound the effective overlap c * with $S_{\text{tol}}$ and $\eta_{\text{tol}}$. First, we note that X is independent of Charlie's outputs and X ⊆ X with equality only if Charlie always outputs a pass. Furthermore, X is not necessarily a random subset of X as a malicious Charlie can control the content of X (this is discussed later). Assuming the worst case scenario, it can be shown that c * ≤ 1/2 + (c * − 1/2) /η, where η = |X |/| X | is the efficiency of Charlie's operation and c * is the effective overlap of X . Next, by establishing a relation between the effective overlap and the local CHSH test [35] (for completeness, we provide a more concise proof in Lemma 6 in the Appendix) and using random sampling theory, we further obtain
Here ξ quantifies the statistical deviation between the expected CHSH value and the observed CHSH value, and ζ quantifies the statistical deviation between the effective overlaps of X and J , respectively.
Putting everything together, we obtain the secret key length as stated by Eq. (1).
Asymptotic limit. In the following, we consider the secret fraction defined as f secr := /m x [3]. In the asymptotic limit $N \to \infty$ and using $\text{leak}_{\text{EC}} \to h(Q_{\text{tol}})$ (corresponding to the Shannon limit), it is easy to verify that the secret fraction reaches
The expression reveals the roles of the modes of operation $\Gamma_{\text{CHSH}}$ and $\Gamma_{\text{QKD}}$. The first provides a bound on the quality of the devices (which is taken into account by the $\log_2$ term) and the latter, apart from generating the actual key, is a measure for the quality of the quantum channel.

VII. DISCUSSION
We have proposed a DIQKD protocol which provides security even if the losses of the channel connecting Alice and Bob would not allow for a detection-loophole free Bell test. Nevertheless, the security of the protocol still depends on the losses and the protocol therefore needs to perform a check to ensure that Charlie does not output a fail too often. This dependence on the failure probability arises from the fact that a malicious Charlie may choose to output a pass only when Alice and Bob's devices behave badly. Therefore, the CHSH value calculated from Alice's CHSH sample is not a reliable estimate for the overlap of the sample used to generate the key string. However, with the CHSH test, Alice can estimate how often her devices behave badly and thus determine the minimum tolerated efficiency (or the maximum tolerated failure probability) of Charlie. This is illustrated in Fig. 2 where large values of $S_{\text{tol}}$ are required to tolerate small values of $\eta_{\text{tol}}$.
Taking the asymptotic limit and the maximal CHSH value, we see that the secret fraction is independent of $\eta_{\text{tol}}$, which is not so surprising since the maximal CHSH value implies that the devices of Alice are behaving ideally all the time. Remarkably, we recover the asymptotic secret fraction for the BB84 protocol [36].
From a practical point of view, the possibility to consider very small values of $\eta_{\text{tol}}$ is certainly appealing, since it suggests that the distance between Alice and Bob can be made very large. A quick calculation using the best experimental values [37] (i.e., $\eta_{\text{tol}} \approx t/2$ and $S_{\text{tol}} \approx 2.81$ where t is the channel transmission) shows that the secret fraction is positive for t > 0.45. This translates to about a 17 km optical fiber between Alice and Bob. Accordingly, to achieve larger distances, we would need a local CHSH test that generates violations larger than those achieved by current experiments.

VIII. CONCLUSION
In summary, we provide an alternative approach towards DIQKD, where the Bell test is not carried out between Alice and Bob but rather in Alice's laboratory. On a conceptual level, our approach departs from the general belief that the observation of a Bell violation between Alice and Bob is necessary for DIQKD. On the practical side, it offers the possibility to replace the extremely challenging task of implementing a long distance detection-loophole free Bell test with a less challenging task, i.e., implementing a local detection-loophole free Bell test. In fact, recently, there has been very encouraging progress towards the implementation of a local detection-loophole free CHSH test [38]. In view of that, we believe an experimental demonstration of DIQKD with local Bell tests is plausible in the near future.

APPENDIX: Details of security analysis
We present the proof for the main result given in the main text. First, we discuss the assumptions and then introduce the necessary technical lemmas. Second, we establish a relation between the local CHSH test and a generalized version of the smooth entropic uncertainty relation (Lemma 6). Third, we provide the required statistical statements for estimating certain quantities of the bit strings of Alice and Bob. Finally, we state our main result (Theorem 1) which is slightly more general than the main result presented above.

Notations
We assume that all Hilbert spaces, denoted by $H$, are finite-dimensional. For composite systems, we define the tensor product of $H_A$ and $H_B$ as $H_{AB} := H_A \otimes H_B$. We denote $P(H)$ as the set of positive semi-definite operators on $H$ and $S(H)$ as the set of normalised states on $H$, i.e., $S(H) = \{\rho \in P(H) : \mathrm{tr}(\rho) = 1\}$. Furthermore, for a composite state $\rho_{AB} \in S(H_{AB})$, the reduced states of system A and system B are given by $\rho_A = \mathrm{tr}_B(\rho_{AB})$ and $\rho_B = \mathrm{tr}_A(\rho_{AB})$, respectively. A positive operator valued measure (POVM) is denoted by $M := \{M_x\}_x$ where $\sum_x M_x = 1$. For any POVM, we may view it as a projective measurement by introducing an ancillary system, thus for any POVM with binary outcomes, we may write it as an observable $O = \sum_{x \in \{0,1\}} (-1)^x M_x$, such that $\sum_{x \in \{0,1\}} M_x = 1$. We also use $x := (x_1, x_2, \ldots, x_n)$ to represent the concatenations of elements and $[n]$ to denote $\{1, 2, \ldots, n\}$. The binary entropy function is denoted by $h(x) := -x \log_2 x - (1 - x) \log_2 (1 - x)$.

Basic assumptions on Alice's and Bob's abilities
Prior to stating the security proof, it is instructive to elucidate the basic assumptions necessary for the security proof. In particular, the assumptions are detailed in the following:
1. Trusted local sources of randomness. Alice (also Bob) has access to a trusted source that produces a random and secure bit value upon each use. Furthermore, we assume the source is unlimited, that is, Alice can use it as much as she wants, however the protocol only requires an amount of randomness linear in the number of quantum states generated.
2. An authenticated but otherwise insecure classical channel. Generally, this assumption is satisfied if Alice and Bob share an initial short secret key [39,40]. Note that the security analysis of such authentication schemes was recently extended to the universally composable framework [33,34] in Ref. [41], which allows one to compose the error of the authentication scheme with the errors of the protocol, giving an overall error on the security.

3. No information leaves the laboratories unless the protocol allows it. This assumption is paramount to any cryptographic protocol. It states that information generated by the legitimate users is appropriately controlled. More concretely, we assume the following:
(a) Communication lines. The only two communication lines leaving the laboratory are the classical and the quantum channel. Furthermore, the classical channel is controlled, i.e., only the information required by the protocol is sent.
(b) Communication between devices. There should be no unauthorized communication between any devices in the laboratory, in particular from the measurement devices to the source device.
4. Trusted classical operations. Classical operations like authentication, error correction, error verification, privacy amplification, etc. must be trusted, i.e., we know that the operations have ideal functionality and are independent of the adversary.
5. Measurement and source devices are causally independent. This means each use of the device is independent of the previous uses. For example, for N uses of a source device and a measurement that produces a bit string $x := (x_1, x_2, \ldots, x_n)$, we have where $M_x$ is the POVM element corresponding to the outcome x.

Technical lemmas
Lemma 1 (Jordan's lemma [5,42]). Let O and O be observables with eigenvalues ±1 on Hilbert space H. Then there exists a partition of the Hilbert space, where $H_i$ satisfies $\dim(H_i) \le 2$ for all i.
Lemma 2 (Chernoff-Hoeffding [43]). Let $X := \frac{1}{n} \sum_i X_i$ be the average of n independent random variables $X_1, X_2, \ldots, X_n$ with values in [0, 1], and let µ :
Lemma 3 (Serfling [44]). Let $\{x_1, \ldots, x_n\}$ be a list of (not necessarily distinct) values in [a, b] with average $\mu := \frac{1}{n} \sum_i x_i$. Let the random variables $X_1, X_2, \ldots, X_k$ be obtained by sampling k random entries from this list without replacement. Then, for any δ > 0, the random variable
Corollary 4. Let $X := \{x_1, \ldots, x_n\}$ be a list of (not necessarily distinct) values in [0, 1] with the average $\mu_X := \frac{1}{n} \sum_{i=1}^{n} x_i$. Let T of size k be a random subset of T with the average $\mu_T := \frac{1}{t} \sum_{i \in T} x_i$. Then for any ε > 0, the set K = X \ T with average µ
Proof. Since T is a random sample of X, from Lemma 3, we have
Using $\mu_X = \frac{t}{n} \mu_T + \frac{n-t}{n} \mu_K$ we finish the proof.
The main ingredient is a fine-grained entropic uncertainty relation (see [45, Corollary 7.3] and [35]).
Lemma 5. Let ε > 0, ε ≥ 0 and $\rho \in S_{\le}(H_{ABC})$. Moreover let $M = \{M_x\}$, $N = \{N_z\}$ be POVMs on $H_A$, and $K = \{P_k\}$ a projective measurement on $H_A$ that commutes with both M and N. Then the post-measurement states where the effective overlap is defined as
Note that (1) is a statement about the entropies of the post-measurement states $\rho_{XB}$ and $\rho_{ZC}$, thus it also holds for any measurements that lead to the same post-measurement states. Accordingly, one may also consider the projective purifications M and N of M and N, applied to $\rho_A \otimes |\phi\rangle\langle\phi|$, where $|\phi\rangle$ is a pure state of an ancillary system. Since both measurement setups $\{\rho, M, N\}$ and $\{\rho_A \otimes |\phi\rangle\langle\phi|, M, N\}$ give the same post-measurement states, the R.H.S. of (1) holds for both $c^*(\rho_A, M, N)$ and $c^*(\rho_A \otimes |\phi\rangle\langle\phi|, M, N)$. We can thus restrict our considerations to projective measurements.
In the protocol considered, Alice performs independent binary measurements - -on each subsystem i. We can reduce (2) to operations on each subsystem, if we choose $K = \{P_{\mathbf{k}}\}$ to also be in product form, i.e., $P_{\mathbf{k}} = \bigotimes_i P^i_{k_i}$, where $\mathbf{k}$ is a string of (not necessarily binary) letters $k_i \in K$. Then plugging this, $M_x = \bigotimes_i M^i_{x_i}$ and $N_z = \bigotimes_i N^i_{z_i}$ in the norm from (2), we get
Putting this in (2) with $\rho = \bigotimes_i \rho^i$, $p^i_k := \mathrm{tr}(P^i_k \rho^i)$, and dropping the subscript i when possible, we obtain,
In the following we will refer to as the overlap of the measurements $\{M^i_x\}_x$ and $\{N^i_z\}_z$.

An upper bound on the effective overlap with the CHSH value
In this section, we first introduce the notion of CHSH operator [46] and then prove the relation between the CHSH test and the effective overlap (5).
In the CHSH test, two space-like separated systems share a bipartite state ρ and each system has two measurements. More specifically, system A has POVMs $\{M^0_0, M^0_1\}$ and $\{M^1_0, M^1_1\}$ and system T has POVMs $\{T^0_0, T^0_1\}$ and $\{T^1_0, T^1_1\}$. Since for any POVM there is a (unitary and) projective measurement on a larger Hilbert space that has the same statistics, we can restrict our considerations to projective measurements. Then, we may write the POVMs as observables with ±1 outcomes, i.e., at the site of the first system, the two observables are $O^0_A := \sum_{s=0}^{1} (-1)^s M^0_s$ and $O^1_A := \sum_{s=0}^{1} (-1)^s M^1_s$. Furthermore, the measurements are chosen uniformly at random. As such, the CHSH value is given by $S(\rho, \beta) := \mathrm{Tr}(\rho\beta)$ where the CHSH operator is defined as where u, v and s, t are the inputs and outputs, respectively. The maximization of $S(\rho, \beta)$ over the set of density operators for a fixed β is defined by $S_{\max}(\beta)$. Moreover, the CHSH operator can be decomposed into a direct sum of two-qubit subspaces via Lemma 1. Mathematically, we may write A P k where $\{P_k\}_k$ is a set of projectors such that $\dim(P_k) = 2$ ∀ k. Note that in Lemma 1, one may select a partition of the Hilbert space such that each block partition has dimension two. This allows one to decompose the general CHSH operator into direct sums of qubit CHSH operators. Likewise, for the measurements of Bob,
For all k, $P_k O^0_A P_k$ and $P_k O^1_A P_k$ can be written in terms of Pauli operators, where $m_k$ and $n_k$ are unit vectors in R 3 k and $\Gamma_k$ is the Pauli vector. Combining (6) and (7) yields and it can be verified that where
Whenever the context is clear, we write $S = S(\rho, \beta)$ and $S_{\max} = S_{\max}(\beta)$.
In the following analysis, we consider only one subsystem, the superscript i is omitted, i.e., we use $c^* = \sum_k p_k c_k$ instead.
Next, we want to relate $c_k$ to the CHSH value. Using the result of Seevinck and Uffink [47], for all r, (11) satisfies where $\sin(\theta_k)$ and $\sin(\theta_r)$ quantify the commutativity of Alice's kth and system T's rth measurements, respectively. From (13) and (14) we obtain for all r, where we use the fact that the right hand side is a monotonic decreasing function. Finally, we get and the inequality is given by Jensen's inequality and (9).

Statistics and efficiency of Charlie's operation
We recall in the protocol description, after the sifting step, Alice and Bob identify sets X , Z and J . Also, they have X where | X | corresponds to the total number of times Alice chooses sub-protocol $\Gamma_{\text{QKD}}$, and both Alice and Bob choose setting X.
Part of the goal is to estimate the average overlap of set X with the observed CHSH values (evaluated on sets J ) and the efficiency of Charlie's operation η. Note that η = |X |/| X |. To do that, we need the following two lemmas: the first (Lemma 7) gives a bound on the average effective overlap of X in terms of the average effective overlap of X and the efficiency of Charlie's operation η, and the second (Lemma 8) gives a bound on the probability that the observed CHSH value is larger than the expected CHSH value.
Lemma 7. Let c * X and c * X be the average effective overlaps of X and X , respectively, and let η :
Proof. First, we note that X ⊆ X with equality only if Charlie always outputs a pass (or has perfect efficiency). Next, we consider {c * ,i } i∈ X in decreasing order, that is, Accordingly, the average overlap of X can be written as where we consider that X collects the large effective overlaps, and the inequality is given by c
Lemma 8. Let S J be the average CHSH value on $m_j$ independent systems, and $S_{\text{test}}$ the observed CHSH on these systems. Then
Proof. We define the random variable , where $u_i$, $v_i$, $s_i$, $t_i$ are the inputs and outputs, respectively, of the measurements on system i, and and S test = Y J . The proof is then immediate from Lemma 2.
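A numerical check of the Lemma 7 bound (the same bound is quoted in the proof sketch of Section VI), added here as an illustration and not taken from the paper. It writes the bound as 1/2 + (c_full - 1/2)/η, where c_full is the average overlap over all runs in which Alice chose the QKD mode and both parties chose setting X, and compares it with the average overlap of the runs a worst-case Charlie passes. The per-run overlaps are constructed sample values in [1/2, 1] (the range assumed for binary qubit measurements), and all function and variable names are hypothetical.

```python
import random
from statistics import mean

def lemma7_bound(c_full, eta):
    """Upper bound on the average overlap of the passed runs:
    1/2 + (c_full - 1/2) / eta, with eta = (#passed runs) / (#all runs)."""
    return 0.5 + (c_full - 0.5) / eta

def constructed_overlaps(n, bad_fraction, rng):
    """Constructed sample: 'bad' runs have overlap 1 (both settings measure the same
    basis, no uncertainty); 'good' runs have overlap close to the ideal value 1/2."""
    n_bad = int(bad_fraction * n)
    overlaps = [1.0] * n_bad + [0.5 + 0.05 * rng.random() for _ in range(n - n_bad)]
    rng.shuffle(overlaps)
    return overlaps

def charlie_worst_case(overlaps, k):
    """Worst case of the proof: Charlie outputs pass on the k largest overlaps."""
    return sorted(overlaps, reverse=True)[:k]

def charlie_honest(overlaps, k, rng):
    """Loss unrelated to the devices: the passed runs are a random subset."""
    return rng.sample(overlaps, k)

def compare(n, bad_fraction, eta_target, seed):
    """Average overlaps of the passed set under both behaviours, next to the bound."""
    rng = random.Random(seed)
    overlaps = constructed_overlaps(n, bad_fraction, rng)
    k = max(1, round(eta_target * n))
    eta = k / n
    c_full = mean(overlaps)
    return {
        "eta": eta,
        "c_full": c_full,
        "c_worst": mean(charlie_worst_case(overlaps, k)),
        "c_honest": mean(charlie_honest(overlaps, k, rng)),
        "bound": lemma7_bound(c_full, eta),
    }

if __name__ == "__main__":
    for eta in (0.05, 0.1, 0.25, 0.5, 1.0):
        r = compare(2000, 0.1, eta, seed=3)
        print("eta=%.2f  c_full=%.3f  honest=%.3f  worst=%.3f  bound=%.3f"
              % (r["eta"], r["c_full"], r["c_honest"], r["c_worst"], r["bound"]))
```

With 10% bad runs and η at or below 0.1, the worst-case passed set consists only of overlap-1 runs although the average over all runs stays close to 1/2, which is why the protocol has to abort when Charlie's efficiency drops below the tolerated value.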

Secrecy analysis
With the relevant results in hand, we are ready to prove our main result, which roughly follows the same line of argument as Ref. [22]. The main differences are the use of a more general smooth entropic uncertainty relation (Lemma 5) to bound the error on the secrecy, and the CHSH test to bound the effective overlap of the measurement operators and states used by the uncertainty relation (Lemma 6). Since the players can only sample the CHSH violation, we use Lemma 7 to bound the distance between this estimate and the expected effective overlap of the key set. The correctness of the protocol is evaluated in exactly the same way as in Ref. [22], so we refer to that work for the corresponding bounds and theorems. We only prove the secrecy of the protocol here.
Contrary to most QKD protocols, the protocol adopts a tripartite model where Charlie is supposed to establish entanglement between Alice and Bob. Thus in our picture, we can view Charlie as an accomplice of the adversary and evaluate the secrecy on the overall state conditioned on the events where Charlie outputs a pass.
We briefly recall the main parameters of the protocol, which are detailed in the protocol definition given in the paper. Conditioned on the successful operation of Charlie (the events whereby Charlie outputs a pass), Alice and Bob generate systems until at least m x of them have been measured by both of them in the basis X, m z have been measured in the basis Z, and j have been chosen for both CHSH tests. The tolerated error rate and the CHSH value are Q tol and S tol , respectively.
Furthermore, we take that our information reconciliation scheme leaks at most leak EC + log(1/ε cor ) bits of information, where first an error correction scheme which leaks at most leak EC bits of information is applied [33], and then an error verification scheme using two-universal hashing which leaks log(1/ε cor ) bits of information is applied. If the error verification fails, they abort the protocol.
Theorem 1. The protocol is ε sec -secret if for some ε Q , ε UCR , ε PA , ε c * , ε CHSH > 0 such that 4ε Q + 2ε UCR + ε PA + ε c * + ε CHSH ≤ ε sec , the final secret key length satisfies where
Proof. Let Ω be the event that Q test ≤ Q tol and S test ≥ S tol and η ≥ η tol . If Ω fails to occur, then the protocol aborts, and the secrecy error is trivially zero. Conditioned on passing these tests, let X be the random variable on strings of length m x that Alice gets from the set X , and let E denote the adversary's information obtained by eavesdropping on the quantum channel. After listening to the error correction and hash value, Eve has a new system E . Using log(1/ε cor ) ≤ log 2 (2/ε cor ) (the number of bits used for error correction and error verification) and using chain rules for smooth entropies [33], where Z can be seen as the outcome Alice would have gotten if she had measured the same systems in the corresponding basis Z, and B is Bob's system in this case (before measurement).
The max-entropy of the alternative measurement is then bounded by the error rate sampled on the m z systems Z [22]: where ε = ε Q / √ p Ω and p Ω := Pr[Ω].
Next, we bound c * (evaluated on Alice's devices from X ) in terms of the observed CHSH value S test . We first use the arithmetic-geometric mean inequality, from which we get where c * X is the average effective overlap on X . Using Lemma 7, we get Since X is randomly chosen by Alice and is independent of Charlie, c * X can be estimated from c * J , i.e. Lemma 6 can now be used together with Jensen's inequality, so with probability at least 1 − ε , We still need to take into account that we only have an approximation for the CHSH value of the systems in J .
From Lemma 8 we get that Finally, the bound on the error of privacy amplification by universal hashing [33] says that the error is less than 4ε + 2ε UCR + ε PA as long as Putting all the above equations together we get (15), with a total error conditioned on the event Ω of at most 4ε+2ε UCR +ε PA +ε +ε . If we remove this conditioning, the error is then
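The proof conditions on the event Ω (Q test ≤ Q tol, S test ≥ S tol, η ≥ η tol) and Theorem 1 requires the error terms to fit within ε sec; the following added example, which is not code from the paper, evaluates both on constructed data. The function names, the ±1 outcome convention, the use of the standard CHSH combination as estimator, and the values S tol = 2.5 and η tol = 0.6 are assumptions of this example.

```python
def chsh_value(records):
    """S_test from rounds (u, v, s, t): inputs in {0, 1}, outcomes in {+1, -1}.

    Standard CHSH combination E(0,0) + E(0,1) + E(1,0) - E(1,1), where
    E(u, v) is the mean of s*t over the rounds with that input pair.
    """
    total = {(u, v): 0 for u in (0, 1) for v in (0, 1)}
    count = dict(total)
    for u, v, s, t in records:
        if s not in (1, -1) or t not in (1, -1):
            raise ValueError("outcomes must be +1 or -1")
        total[(u, v)] += s * t
        count[(u, v)] += 1
    if 0 in count.values():
        raise ValueError("every input pair needs at least one round")
    e = {k: total[k] / count[k] for k in total}
    return e[(0, 0)] + e[(0, 1)] + e[(1, 0)] - e[(1, 1)]

def error_rate(alice_bits, bob_bits):
    """Q_test: fraction of disagreeing positions in the compared sample."""
    if not alice_bits or len(alice_bits) != len(bob_bits):
        raise ValueError("samples must be non-empty and of equal length")
    return sum(a != b for a, b in zip(alice_bits, bob_bits)) / len(alice_bits)

def event_omega(s_test, q_test, eta, s_tol, q_tol, eta_tol):
    """True iff Q_test <= Q_tol and S_test >= S_tol and eta >= eta_tol."""
    return q_test <= q_tol and s_test >= s_tol and eta >= eta_tol

def budget_ok(eps_q, eps_ucr, eps_pa, eps_c, eps_chsh, eps_sec):
    """All terms positive and 4e_Q + 2e_UCR + e_PA + e_c* + e_CHSH <= e_sec."""
    terms = (eps_q, eps_ucr, eps_pa, eps_c, eps_chsh)
    total = 4 * eps_q + 2 * eps_ucr + eps_pa + eps_c + eps_chsh
    return min(terms) > 0 and total <= eps_sec

def constructed_rounds(agree, n=100):
    """Constructed data: n rounds per input pair, `agree` of them with s*t
    equal to the CHSH-favourable sign (+1, except -1 when u = v = 1)."""
    out = []
    for u, v in ((0, 0), (0, 1), (1, 0), (1, 1)):
        good = -1 if (u, v) == (1, 1) else 1
        out += [(u, v, 1, good)] * agree + [(u, v, 1, -good)] * (n - agree)
    return out

if __name__ == "__main__":
    s_test = chsh_value(constructed_rounds(85))
    q_test = error_rate([0, 1] * 100, [0, 1] * 99 + [0, 0])
    ok = event_omega(s_test, q_test, eta=0.7, s_tol=2.5, q_tol=0.01, eta_tol=0.6)
    print(f"S_test={s_test:.3f} Q_test={q_test:.3f} ->", "continue" if ok else "abort")
```

A run in which every outcome is fixed to +1 gives S test = 2 and fails the S tol check, so the protocol aborts before any key is extracted.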
Secret fraction /mx as a function of the tolerated efficiency of Charlie's operation η tol (including channel losses).We consider a depolarising channel with a fixed error rate Q tol = 1% and we bound the min-entropy of the X given E